VYPR
Vendor: Square

Products: 9
CVEs: 10
Across products: 11
Status: Private

Recent CVEs (10)

  • CVE-2015-8969 | Critical | Nov 3, 2016
    risk 0.57 | cvss 9.8 | epss 0.05

    git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library.

  • CVE-2015-8968 | High | Nov 3, 2016
    risk 0.51 | cvss 8.8 | epss 0.05

    git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an…

  • CVE-2018-20200 | Medium | Apr 18, 2019
    risk 0.39 | cvss 5.9 | epss 0.02

    CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a…

  • CVE-2016-2402 | Medium | Jan 30, 2017
    risk 0.39 | cvss 5.9 | epss 0.02

    OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.

  • CVE-2026-45799 | High | May 19, 2026
    risk 0.38 | cvss | epss 0.00

    Maintainer summary: Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of…

  • CVE-2023-3782 | Medium | Jul 19, 2023
    risk 0.38 | cvss 5.9 | epss 0.01

    DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response

  • CVE-2024-58103 | Medium | Mar 16, 2025
    risk 0.31 | cvss 5.8 | epss 0.00

    Square Wire before 5.2.0 does not enforce a recursion limit on nested groups in ByteArrayProtoReader32.kt and ProtoReader.kt.

  • CVE-2023-0833 | Medium | Sep 27, 2023
    risk 0.31 | cvss 4.7 | epss 0.00

    A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OkHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of…

  • CVE-2023-3635 | Medium | Jul 12, 2023
    risk 0.31 | cvss 5.9 | epss 0.01

    GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

  • CVE-2020-36645 | Medium | Jan 7, 2023
    risk 0.29 | cvss 5.5 | epss 0.01

    A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to SQL injection. Upgrading to version v0.0.0 is able to address this issue. The patch is named f6f0a47cc344711042eb0970cb423e6950ba3f93. It is…